Part 1 discussed the importance of knowing your system. This article discusses the importance of properly managing and auditing these assets. Proper management of ICT assets from an information security perspective involves knowing what properties of the assets are expected, being able to respond to new vulnerabilities quickly and knowing when unauthorised assets are present on your network.
When maintaining a hardware inventory, the key pieces of information that need to be captured are:
Capturing this information will help the security team to determine the impact of new vulnerabilities, exploits and intrusions. For example, if a new vulnerability is released affecting your firewalls, the patching can be prioritised quickly by pulling up a list of Internet-facing firewalls and patching those first. The business units to contact regarding the patching can be easily identified and notified. If the EOL is recorded, the CAPEX budgets for replacing the hardware can be planned and the risk of running unsupported hardware is reduced.
In addition to the points above, the following information should form part of a comprehensive software inventory:
A well-managed software inventory will allow the organisation to prioritise patches and updates and to determine the organisational impact of vulnerabilities.
Once the data that needs to be collected is determined and the general process around adding and maintaining assets is created, a suite of tools should be selected that fits the business’s workflows to make managing the inventory smooth. Having a smooth process will increase the productivity of the security team, allowing the business to extract more value from the security function.
Once both inventories are populated in the relevant tool or database, processes, procedures and tools should be implemented to ensure the inventories remain accurate and up to date. To verify that the correct information is captured in the inventories, table-top exercises can be undertaken with the operations staff and system administrators to test how long it takes to determine the impacted systems when a critical vulnerability is reported. It is important that an organisation can respond quickly to vulnerabilities, as many recent breaches where internal intrusion was involved were due to missed or slow patching.
Another benefit of having a well-defined inventory is that the configuration of security devices can be audited against the inventory to ensure the network access controls are appropriate. Monitoring systems can also be more efficient at detecting and blocking unauthorised devices. The quality of the inventory will impact the effectiveness of the security controls the organisation implements.
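The lookups described above (listing Internet-facing firewalls for an advisory, identifying the business units to notify, and spotting devices that have no inventory record), shown as an added example that is not part of the original article. The field names, hostnames, models and MAC addresses are constructed assumptions, not a prescribed schema.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Asset:                      # hypothetical inventory record
    hostname: str
    mac: str
    model: str                    # matched against the advisory's affected models
    internet_facing: bool
    business_unit: str
    eol: date                     # vendor end-of-life date

# Constructed sample inventory (MACs use the documentation range 00:00:5e:00:53:xx).
INVENTORY = [
    Asset("fw-edge-01", "00:00:5e:00:53:01", "ExampleFW-200", True, "Retail", date(2030, 1, 1)),
    Asset("fw-core-01", "00:00:5e:00:53:02", "ExampleFW-200", False, "Finance", date(2030, 1, 1)),
    Asset("fw-edge-02", "00:00:5e:00:53:03", "ExampleFW-100", True, "Logistics", date(2020, 6, 30)),
    Asset("sw-floor-3", "00:00:5e:00:53:04", "ExampleSW-48", False, "Finance", date(2028, 1, 1)),
]

def patch_plan(inventory, affected_models, today):
    """Affected assets in patch order: Internet-facing first, past-EOL first within each group."""
    hits = [a for a in inventory if a.model in affected_models]
    hits.sort(key=lambda a: (not a.internet_facing, a.eol >= today, a.hostname))
    # The third field flags hardware past EOL, where a vendor patch may not exist.
    return [(a.hostname, a.business_unit, a.eol < today) for a in hits]

def units_to_notify(plan):
    """Business units that own at least one affected asset."""
    return sorted({unit for _, unit, _ in plan})

def unauthorised(inventory, observed_macs):
    """MAC addresses observed on the network that have no inventory record."""
    known = {a.mac.lower() for a in inventory}
    return sorted({m.lower() for m in observed_macs} - known)

if __name__ == "__main__":
    plan = patch_plan(INVENTORY, {"ExampleFW-200", "ExampleFW-100"}, date(2024, 1, 1))
    for host, unit, past_eol in plan:
        print(f"{host:12} owner={unit:10} past_eol={past_eol}")
    print("notify:", units_to_notify(plan))
    seen = ["00:00:5E:00:53:01", "00:00:5e:00:53:99"]  # constructed scan result
    print("unauthorised:", unauthorised(INVENTORY, seen))
```

Timing how long these lookups take against the real inventory gives the table-top exercise a measurable result.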
This article has discussed some basic steps around the creation of an inventory. The important things to remember are:
Related:
Security Fundamentals - Part 1: Do this before buying the next security product
Security Fundamentals - Part 3: Controlling Admin Privileges